Profile of Internal Audit Chief
Sertifikasi, Pendidikan dan/atau Pelatihan Personil Internal Audit
Personil IA telah mengikuti berbagai program sertifikasi, pendidikan dan/atau pelatihan dalam rangka pengembangan kompetensi untuk menunjang pelaksanaan tugas-tugasnya. Saat ini IA telah memiliki 2 personil yang memiliki sertifikasi Qualified Internal Audit (QIA), 1 personil dengan sertifikasi ISO 27001 Lead Auditor dan 1 personil dengan sertifikasi Certified Risk Management Professional (CRMP). Selama tahun 2022, program-program sertifikasi, pendidikan dan/atau pelatihan yang telah diikuti personil IA sebagai berikut:
No Tanggal
Date Topik
Topics Tempat
Venue
1 15 Februari | February Financial, Accounting & Tax Online - Jakarta
2 7 Maret | March Workshop Cyber Security Health Check Online - Jakarta
3 15 Maret | March Data Analytics Online - Jakarta
4 24 Maret | March Tools & Techniques Lead Auditor Online - Jakarta
5 13 April | April Forum Pimpinan: Digital Era: Challenges & Opportunity Online - Jakarta
6 21 April | April Workshop Cyber Incident Response Online - Jakarta
7 26 April | April Communication Skill Online - Jakarta
8 19 Mei | May Financial Auditing for Auditor Online - Jakarta
9 30 Mei | May Basic Legal Online - Jakarta
10 31 Mei | May Database Processing Using Excel Online - Jakarta
11 12 Juni | June Customer Focus Online - Jakarta
12 14 Juni | June Introduction to IT General Control & Application Control (IT Audit for Non-IT Auditor) Online - Jakarta
13 20 Juni | June Problem Solving & Decision Making Online - Jakarta
14 21 Juni | June Enterprise Risk Management (ERM) Online - Jakarta
15 22 Juni | June Certified Internal Auditor (CIA) Preparation Online - Jakarta
16 23 Juni | June Root Cause Analysis Online - Jakarta
17 5 Juli | July Workshop COSO Online - Jakarta
18 13 Agustus | August Workshop Internal Control to Prevent Fraud Online - Jakarta
Certification, education and / or training of Internal Audit personnel
IA personnel have participated in various certification, education and/or training programs in order to develop competencies to support the implementation of their duties.
Currently, IA has 2 personnel with Qualified Internal Audit (QIA) certification, 1 personnel with ISO 27001 Lead Auditor certification and 1 personnel with Certified Risk Management Professional (CRMP). During 2022, the certification, education and/or training programs that IA personnel have participated in are as follows:
20 27 Agustus | August Workshop Creative Accounting vs Tax Planning Online - Jakarta 21 22-31 Agustus | August Sertifikasi Qualified Internal Auditor Tingkat Manajerial Online - Jakarta
22 10 Oktober | October Sertifikasi Certified Fraud Examiners (CFE) Online - Jakarta
23 25 Oktober | October Forum Pimpinan: Strategic Direction 2023, Digitalization Project, Preparedness Privacy of Data Compliance, Roles Internal Audit & Risk Management in ESG; Risk Management New
Initiatives, Cyber Pentest Lab Menara Astra - Jakarta 24 1-17 November |
November Astra Sustainability Leadership Program Online - Jakarta
25 30 November |
November Seminar Nasional Internal Audit Bali
Pelaksanaan Tugas Internal Audit
Selama tahun 2022, IA telah melaksanakan 88 aktivitas atau proyek di divisi/Head Office dan anak perusahaan/site yang meliputi aktivitas asurans dan konsultansi seperti audit operasional, audit kepatuhan, special audit hingga advisory.
Monitoring Implementation Status of Recommendation (ISR) dari Laporan Hasil Audit yang telah diterbitkan juga dilakukan secara berkala.
Aktivitas IA pada semester pertama tahun 2022 sebagian besar dilakukan dengan metode jarak jauh (remote auditing) dan memaksimalkan penggunaan data analytics tools yang sudah ada. Sedangkan pada semester kedua tahun 2022, mengingat kondisi pandemik Covid-19 yang sudah lebih terkendali maka aktivitas IA dilakukan secara offline/visit.
Secara periodik, ringkasan dari temuan, rekomendasi, dan aksi tindak lanjut dilaporkan secara langsung kepada Direksi dan juga kepada Dewan Komisaris melalui Komite Audit.
Selama tahun 2022, Auditor Internal telah melaksanakan enam kali pertemuan dengan Direksi dan delapan kali pertemuan dengan Komite Audit.
Sistem Pengendalian Internal
Direksi bertanggung jawab atas sistem pengendalian internal Perseroan. Sistem pengendalian internal disusun untuk mengelola risiko, membantu menjaga aktiva Perusahaan dari tindakan yang merugikan maupun penyimpangan lainnya, dan memberikan suatu kepastian yang wajar atas aktivitas yang ditelaah meliputi aspek operasional, keuangan dan kepatuhan terhadap peraturan perundang-undangan terkait.
Perseroan menerapkan sistem pengendalian internal yang memenuhi kerangka pengendalian yang diakui secara internasional oleh the Committee of Sponsoring Organizations of the Treadway Commission (COSO) yang meliputi adanya komponen control environment, risk assessment, control activities, information - communication, serta proses monitoring, pada semua lini dalam perusahaan.
Sistem pengendalian Perseroan juga menerapkan konsep three lines of defense, dimana manajemen operasional bertugas menjalankan sistem pengendalian internal dan pengawasan yang memadai pada lini pertama. Lini kedua, yaitu fungsi manajemen risiko dan pengendali lain yang mengukur tingkat risiko dan pengendalian, melakukan pemantauan secara berkala terhadap jalannya fungsi pengendalian. Sebagai salah satu contoh penerapan pengendalian yang dilakukan oleh lini kedua, Perseroan memiliki program Excellence Golden Rules (EGR) yang dilakukan secara berkala setiap semester. Program ini melibatkan fungsi-fungsi terkait di level Head Office untuk melakukan pemantauan atas penerapan pengendalian
Implementation Of Internal Audit Tasks
During 2022, IA has carried out 88 activities or projects in divisions/Head Office and subsidiaries/sites covering assurance and consultancy activities such as operational audits, compliance audits, special audits to advisory.
Monitoring of the Implementation Status of Recommendation (ISR) of the Audit Report that has been issued is also carried out periodically.
IA activities in the first half of 2022 were mostly carried out by remote auditing and maximizing the use of existing data analytics tools. Whereas in the second semester of 2022, given the more controlled conditions of the Covid-19 pandemic, IA activities is performed by off line/visit. Periodically, a summary of findings, recommendations and follow-up actions are reported directly to the Board of Directors and also to the Board of Commissioners through the Audit Committee. During 2022, the Internal Auditor conducted six meetings with the Board of Directors and eight meetings with the Audit Committee.
Sistem Pengendalian Internal
The board of Directors is responsible for the company's internal control system. The internal control system is designed to manage risk, help to protect the Company's assets from adverse actions and other irregularities, and provide reasonable assurance of the activities reviewed including operational, financial, and compliance with relevant laws and regulations.
The Company implements an internal control system that meets the internationally recognized control framework by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) which includes the components of control environment, risk assessment, control activities, information - communication, and monitoring processes, at all levels in the company.
The Company's control system also applies the three lines of defense concept, where operational management is in charge of running an adequate internal control and supervision system on the first line. The second line, which is the risk management function and other controls that measure the level of risk and control, conducts regular monitoring of the control function operation. As an example of the implementation of controls performed by the second line, every semester the Company conducted an Excellence Golden Rules (EGR) program. This program involves relevant functions at the Head Office level to monitor the implementation of internal controls by site-level operational management based on the applicable formal procedures.
G o o d C o r p o r a t e G o v e r n a n c e
reasonable assurance on the corporate governance, risk and control systems through assurance activities.
Internal Control effectiveness Evaluation in 2022 In order to ensure the effectiveness of the internal control system, the Company routinely conducts evaluations to ensure that policies, Standard Operating Procedure (SOP), accounting principles, risk management, and governance in the Company run effectively and efficiently.
IA, under the direction of the President Director, supports the Board of Directors by analyzing the effectiveness of the internal control system and assists the Management to ensure that there is excellent coordination between the company's control functions at the Site and Head Office levels in order for each function to perform its control function effectively. The Internal Audit Division assists the stakeholders by providing assurance and consulting services that refer to the Institute of Internal Auditors standards (IIA)
Based on the analysis of the 2022 audit report, the Board of Directors concluded that the internal control system is adequate and effective to protect the company interests.
Risk Management
An effective risk management system is a task performed by all levels of the Company's management as a whole.
Each function or work unit is responsible for performing a sustainable risk governance process starting from the identification, evaluation, mitigation and monitoring of the risks in accordance with the authority attached to each function.
The Risk Management team facilitates the assessment of the risks identified by the relevant functions, then submits the main risk reports to the Board of Directors and the Audit Committee on a regular basis.
The Company analyzes all potential risks and then formulates a risk control or management strategy. The purpose of implementing risk management:
1. Provide information required by the Board of Directors and management regarding the potential risks faced by the Company.
2. The available information is used as foundation for the Board of Directors in making decisions related to the Company's operational objectives.
3. Risk assessment inherent in every aspect of the company's business.
4. The implementation of risk management also serves as a guideline for the Audit Committee to fulfill their duty to evaluate and assess the Company's governance.
Risk Profile
The Company, which operates in the oil palm plantation industry, always faces a number of business risks, most of which are external risks and beyond the Company's control. The business risks faced by the Company are in line with the risk characteristics of the commodity sector, such as price fluctuations. The following are a number of risks potentially affecting the Company's business operations:
1. Commodity Price Risk
The palm oil business is constantly affected by price fluctuations due to the rise and fall of supply and demand in the international market. Higher price leads to higher profit for the Company. On Audit Internal diutus atas nama Direksi dan Dewan Komisaris
untuk memberikan keyakinan yang wajar terhadap sistem tata kelola, risiko, dan pengendalian melalui aktivitas asurans.
Evaluasi atas Efektivitas Pengendalian Internal Tahun 2022
Dalam rangka memastikan efektivitas sistem pengendalian internal, Perseroan melaksanakan evaluasi secara rutin untuk memastikan bahwa kebijakan, Standard Operating Procedure (SOP), prinsip akuntansi, manajemen risiko, dan tata kelola di Perseroan berjalan secara efektif dan efisien.
IA melalui arahan Presiden Direktur, mendukung Direksi melalui penelaahan efektivitas sistem pengendalian internal dan membantu manajemen untuk memastikan terdapat koordinasi yang baik antara fungsi-fungsi pengendalian perusahaan yang ada di level Site maupun Head Office sehingga setiap fungsi tersebut dapat menjalankan fungsi kontrolnya secara efektif. Divisi Internal Audit membantu para pemangku kepentingan dengan memberikan jasa asurans dan konsultasi yang mengacu kepada standar Institute of Internal Auditors (IIA).
Berdasarkan penelaahan atas laporan audit tahun 2022 yang dilaporkan, Direksi berkesimpulan bahwa sistem pengendalian internal telah memadai dan efektif untuk melindungi kepentingan Perseroan.
Manajemen Risiko
Sistem manajemen risiko yang berjalan efektif merupakan tugas yang diemban oleh seluruh jajaran manajemen Perseroan secara kolektif. Setiap fungsi atau unit kerja bertanggung jawab melakukan proses tata kelola risiko secara berkelanjutan dimulai dari identifikasi, evaluasi, mitigasi dan monitoring risiko yang sesuai dengan wewenang yang melekat pada masing-masing fungsi.
Tim Risk Management memfasilitasi pengkajian risiko yang diidentifikasi oleh fungsi-fungsi terkait kemudian menyampaikan laporan risiko utama kepada Direksi dan Komite Audit secara berkala.
Perseroan menganalisis semua potensi risiko untuk kemudian merumuskan strategi pengendalian atau manajemen risiko. Tujuan dari penerapan manajemen risiko adalah:
1. Menyediakan informasi yang dibutuhkan oleh Direksi dan manajemen mengenai potensi risiko yang dihadapi Perseroan.
2. Informasi yang tersedia dijadikan dasar bagi Direksi dalam mengambil keputusan-keputusan terkait dengan sasaran operasional Perseroan.
3. Penilaian risiko yang melekat dalam setiap aspek usaha Perseroan.
4. Pelaksanaan manajemen risiko juga menjadi pedoman bagi Komite Audit untuk menjalankan tugas mereka untuk mengevaluasi dan menilai tata kelola Perseroan.
Profil Risiko
Perseroan yang bergerak dalam industri perkebunan kelapa sawit selalu menghadapi sejumlah risiko bisnis, yang sebagian besar di antaranya adalah risiko eksternal dan di luar kendali Perseroan. Risiko usaha yang dihadapi Perseroan sesuai dengan karakteristik risiko sektor komoditas, salah satunya adalah fluktuasi harga. Berikut adalah sejumlah risiko yang berpotensi mempengaruhi operasi bisnis Perseroan:
1. Risiko Harga Komoditi
Bisnis kelapa sawit selalu dipengaruhi fluktuasi harga karena naik turunnya permintaan dan penawaran di pasar internasional. Semakin tinggi harga, maka akan semakin tinggi keuntungan
Untuk memitigasi risiko tersebut, Perusahaan harus memastikan agar CPO yang dihasilkan berkualitas tinggi dengan tingkat produksi dan biaya produksi yang optimal sehingga bisa mempertahankan daya saing di pasar sepanjang tahun.
2. Risiko Keuangan
Risiko keuangan dapat diakibatkan oleh fluktuasi harga pada pasar internasional. Perseroan dan entitas-entitas anaknya mempunyai kondisi likuiditas yang baik, yang bisa mendukung rencana kerja dan dapat menopang Perseroan terhadap kemungkinan fluktuasi harga dan kurs di pasar.
Selain itu, perbankan siap untuk memberikan fasilitas pendanaan bagi Perseroan.
3. Risiko Operasional
Risiko operasional terkait dengan pengelolaan biaya tenaga kerja dan pemupukan. Seperti diketahui, biaya tenaga kerja dan pemupukan merupakan dua komponen biaya terbesar dari total keseluruhan biaya pemeliharaan. Risiko operasional diantisipasi dengan proses pemeliharaan tanaman yang lebih efisien, serta peningkatan produktivitas sumber daya manusia dengan melakukan mekanisasi dan otomasi.
4. Risiko Hukum dan Kebijakan
Sebagai perusahaan yang bergerak di dalam industri perkebunan kelapa sawit, Perseroan menghadapi risiko hukum dan kebijakan. Risiko hukum adalah risiko yang timbul sehubungan dengan pemenuhan aspek legalitas dalam entitas perkebunan yang dikelola Perseroan. Sedangkan, risiko kebijakan terkait dengan perubahan kebijakan di dalam industri kelapa sawit baik kebijakan dari Pemerintah pusat maupun Pemerintah daerah.
Perseroan melakukan monitoring secara berkala atas pemenuhan aspek legalitas dan langkah antisipatif atas penerapan kebijakan pemerintah untuk memitigasi risiko ini.
Risiko hukum juga tekait dengan hubungan antara Perseroan dengan masyarakat di sekitar perkebunan Perseroan. Untuk menjaga hubungan yang harmonis antara Perseroan dengan masyarakat, Perseroan selalu memastikan bahwa kehadiran perkebunan Perseroan selalu memberikan manfaat timbal balik yang positif dengan masyarakat. Ini diwujudkan melalui program tanggung jawab sosial perusahaan.
5. Risiko Bencana
Risiko bencana adalah risiko yang dihadapi oleh Perseroan akibat dari bencana alam seperti banjir, tanah longsor dan gempa bumi. Bencana alam dapat membawa risiko usaha bagi Perseroan.
Karena itu, manajemen Perseroan telah merancang langkah langkah pengurangan risiko bencana dan upaya mengantisipasi jika terjadi bencana alam.
Evaluasi Efektivitas Manajemen Risiko
Perseroan telah menerapkan sistem manajemen risiko secara berkala khususnya untuk risiko-risiko utama yang telah diidentifikasi dapat berdampak luas pada Perseroan. Sistem pengendalian internal Perseroan disusun diantaranya untuk dapat memitigasi risiko-risiko tersebut dan Laporan konsolidasi risiko utama telah disampaikan dan ditelaah kepada direksi dan komite audit secara berkala.
Berdasarkan penelaahan atas laporan konsolidasi risiko utama tahun 2022 yang dilaporkan, Direksi berkesimpulan
To mitigate these risks, the Company must ensure that the CPO produced is of high quality with optimal production levels and costs to maintain competitiveness in the market throughout the year.
2. Financial Risk
Financial risk may be driven by price fluctuations in international markets. The Company and its subsidiaries have a healthy liquidity position, which supports the Company's work plan and can buffer the Company against possible fluctuations in market prices and exchange rates. In addition, the banking sector is ready to provide funding for the Company.
3. Operational Risk
Operational risk relating to the management of labor and fertilization costs. It is well known that labor and fertilization are the two largest expense components of the total maintenance cost. Operational risks are anticipated by maintaining crops more efficiently, as well as increasing the productivity of human resources through mechanization and automation.
4. Legal and policy risks
As a palm oil plantation company, the Company is facing legal and policy risks. Legal risk consists of risks arising in connection with the fulfillment of legal aspects in the plantation entities managed by the Company. While the policy risk is related to policy changes in the palm oil industry, both policies from the national and regional governments. The Company periodically monitors the fulfillment of legality aspects and anticipatory steps on the implementation of government policies to mitigate these risks.
Legal risk also related to the Company's relationship with the communities surrounding the Company's plantations. Maintaining a harmonious relationship between the Company and the community, the Company continuously ensures that the presence of the Company's plantations always provides mutual positive benefits to the community. The company achieves this through corporate social responsibility programs.
5. Disaster Risk
Disaster risk is the risk faced by the Company due to natural disasters such as floods, landslides and earthquakes. Natural disasters can cause business risks for the Company. Therefore, the company's management has designed disaster risk reduction measures and efforts to anticipate in the event of natural disasters.
Evaluating the Effectiveness of Risk Management The Company regularly implements risk management system, focusing specifically on major risks identified as potentially affecting the Company. The Company's internal control system is formulated to be able to mitigate these risks and consolidated reports on major risks are periodically submitted and reviewed by the board of directors and the audit committee.
Based on the review of the consolidated report of major risks reported in 2022, the Board of Directors concluded